7.5
CVE-2025-22364 - WordPress Ach Invoice App plugin <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App ach-invoice-app allows PHP Local File Inclusion. This issue affects Ach Invoice App: from n/a through <= 1.0.1.
6.4
CVE-2024-12699 - Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary we…
7.5
CVE-2024-12152 - MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain …
4.3
CVE-2024-12719 - WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Pat…
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level ac…
4.4
CVE-2024-54030 - Communication_dsoftbus has an UAF vulnerability
OpenHarmony v4.1.2 and prior versions allow a local attacker to cause a DoS through use after free.
8.8
CVE-2024-47398 - Liteos_a has an out-of-bounds write vulnerability
OpenHarmony v4.1.2 and prior versions allow a local attacker to render the device unable to boot up through an out-of-bounds write.
5.5
CVE-2024-45070 - Liteos_a has an out-of-bounds read vulnerability
OpenHarmony v4.1.2 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.
6.8
CVE-2024-11627 -
Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
8.4
CVE-2024-11626 -
Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15…
7.7
CVE-2024-11625 -
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.